| Presentation | 2013-07-19 Time Zone Analysis on IIJ Network Traffic for Malicious Botnet Activities Khamphao SISAAT, Hiroaki KIKUCHI, Surin KITTITORNKUN, Chaxiong YUKONHIATOU, Masato TERADA, Hiroshi ISHII, |
|---|---|
| PDF Download Page |  PDF download Page Link |
| Abstract(in Japanese) | (See Japanese page) |
| Abstract(in English) | Many of recent cyber-attacks are being lunched by botnets for the purpose of carrying out large scale cyber-attacks such as DDoS, spam email, network scanning, and so on. In many cases, these botnets consist of a lot of bots or compromised PCs, which have been infected by specific malware. These bots try to propagate themselves into other victim via the multiple C&C servers in the Internet, which are controlled by a remote botmaster. This makes it more difficult to identify botnet attacks and harder to trace the source country/IP address of the botmaster. To identify the C&C servers during malware/bot downloading phase, time zone correlation can be used as a tool to identify the time zone of the C&C servers. In this paper, we do a time zone correlation analysis with the malware download up to 100 honeypots in the IIJ MITF (Internet Ini-tiative Japan - Malware Investigation Task Force) Dataset 2012 comprising over 30 million data records and almost 5 hundreds unique malware names. Baesd on GeoIP service, a time zone correlation model has been proposed to determine the correlation coefficient between malware dwnloads from Japan and other countries. We found a strong correlation between ac-tive bot downloads and time zone of the C&C servers. As a result, our model confirmts that malware/bot downloads are synchronized with time zone (country) of the corresponding C&C servers. |
| Keyword(in Japanese) | (See Japanese page) |
| Keyword(in English) | Malware / Botnet / honeypot / IIJ Dataset / CCC Dataset / Correlation Analysis |
| Paper # | ISEC2013-47,SITE2013-42,ICSS2013-52,EMM2013-49 |
| Date of Issue |
| Conference Information | |
| Committee | SITE |
|---|---|
| Conference Date | 2013/7/11(1days) |
| Place (in Japanese) | (See Japanese page) |
| Place (in English) | |
| Topics (in Japanese) | (See Japanese page) |
| Topics (in English) | |
| Chair | |
| Vice Chair | |
| Secretary | |
| Assistant | |
| Paper Information | |
| Registration To | Social Implications of Technology and Information Ethics (SITE) |
|---|---|
| Language | ENG |
| Title (in Japanese) | (See Japanese page) |
| Sub Title (in Japanese) | (See Japanese page) |
| Title (in English) | Time Zone Analysis on IIJ Network Traffic for Malicious Botnet Activities |
| Sub Title (in English) | |
| Keyword(1) | Malware |
| Keyword(2) | Botnet |
| Keyword(3) | honeypot |
| Keyword(4) | IIJ Dataset |
| Keyword(5) | CCC Dataset |
| Keyword(6) | Correlation Analysis |
| 1st Author's Name | Khamphao SISAAT |
| 1st Author's Affiliation | The authors are with the Faculty of Engineering, King Mongkut's Institute of Technology Ladkrabang, Thailand.() |
| 2nd Author's Name | Hiroaki KIKUCHI |
| 2nd Author's Affiliation | The author is with the School of Interdisciplinary Mathemat-ical Sciences, Meiji University, Japan. |
| 3rd Author's Name | Surin KITTITORNKUN |
| 3rd Author's Affiliation | The authors are with the Faculty of Engineering, King Mongkut's Institute of Technology Ladkrabang, Thailand. |
| 4th Author's Name | Chaxiong YUKONHIATOU |
| 4th Author's Affiliation | The authors are with the Faculty of Engineering, King Mongkut's Institute of Technology Ladkrabang, Thailand. |
| 5th Author's Name | Masato TERADA |
| 5th Author's Affiliation | The authors is with the Hitachi, Ltd., Japan. |
| 6th Author's Name | Hiroshi ISHII |
| 6th Author's Affiliation | The author is with the School of Information and Telecommunication Engineering, Tokai University, Japan. |
| Date | 2013-07-19 |
| Paper # | ISEC2013-47,SITE2013-42,ICSS2013-52,EMM2013-49 |
| Volume (vol) | vol.113 |
| Number (no) | 136 |
| Page | pp.pp.- |
| #Pages | 8 |
| Date of Issue | |